I. Basis of the report

1. With regard to the elements of the international application:*

[ ] the international application as originally filed

the description:
    pages 1-12, as originally filed
    pages      , filed with the demand
    pages      , filed with the letter of

the claims:
    pages      , as originally filed
    pages      , as amended (together with any statement) under Article 19
    pages      , filed with the demand
    pages 1-5, filed with the letter of 04.10.2000

the drawings:
    pages [illegible], as originally filed
    pages      , filed with the demand
    pages      , filed with the letter of

[ ] the sequence listing part of the description:
    pages      , as originally filed
    pages      , filed with the demand
    pages      , filed with the letter of

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the language in which
the international application was filed, unless otherwise indicated under this item.

These elements were available or furnished to this Authority in the following language which is:

[ ] the language of a translation furnished for the purposes of international search (under Rule 23.1(b)).
[ ] the language of publication of the international application (under Rule 48.3(b)).
[ ] the language of the translation furnished for the purposes of international preliminary examination (under Rules 55.2 and/or 55.3).

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the international
preliminary examination was carried out on the basis of the sequence listing:

[ ] contained in the international application in written form.
[ ] filed together with the international application in computer readable form.
[ ] furnished subsequently to this Authority in written form.
[ ] furnished subsequently to this Authority in computer readable form.
[ ] The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in the
    international application as filed has been furnished.
[ ] The statement that the information recorded in computer readable form is identical to the written sequence listing has
    been furnished.

4. [ ] The amendments have resulted in the cancellation of:

[ ] the description, pages
[ ] the claims, Nos.
[ ] the drawings, sheets/fig

5. [ ] This report has been established as if (some of) the amendments had not been made, since they have been considered to go
beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)).**

* Replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to
in this report as "originally filed" and are annexed to this report since they do not contain amendments (Rules 70.16
and 70.17).

** Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this report.
V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability;
citations and explanations supporting such statement

1. Statement

Novelty (N)                      Claims 1-20    YES
                                 Claims         NO

Inventive step (IS)              Claims 1-20    YES
                                 Claims         NO

Industrial applicability (IA)    Claims 1-20    YES
                                 Claims         NO

2. Citations and explanations (Rule 70.1) 

It is an object of the claimed invention to provide a
transmission system adapted for the transmission of IP
(Internet Protocol) data packets through a firewall.

According to the invention the system includes means for
temporarily opening the firewall to enable IP data packets to
be transmitted through the firewall to the protected network.
The firewall operates in a manner whereby a particular type of
IP-packet, i.e. a Ping (ICMP)-packet, is allowed to pass
through the firewall, IP-traffic can pass through the firewall
from the inside thereof to the outside thereof, and IP-traffic,
similar to that which is sent from the inside of the
firewall to the outside of the firewall, can be transmitted
through the firewall to the protected network for a limited
period of time. In particular, the firewall opening means
include two IC-breakers, which are located on opposite sides
of said firewall, and which have a structure and functionality
dictated by the manner in which the firewall operates.

Documents cited in the international search report: 
Continuation of: V

D1 discloses a method for screening data packets arriving at a
screening system connected between two networks. The method
involves receiving a first packet from the first network as a
current packet, and determining from the packet contents whether
it is of a type to be passed to the second network. If it is suited
for transfer to the second network, then a positive
destination address is determined within the second network as
specified by the current packet. The latter is then passed to
an ersatz address which resides in a proxy system and which
substitutes for the destination address. It is determined
whether at least one action requested by the current packet is
of an allowed type, and if not, the packet is rejected. If the
packet is acceptable then it is processed in accordance with
its contents at the proxy or screening system. If the packet
is rejected, then the system checks for the arrival of a new
packet, which becomes the current packet (see abstract; column
3, line 33-column 4, line 9; column 6, line 46-column 13, line
6, especially column 9, line 23-line 31 and column 10, line
50-column 11, line 43).



D2 discloses a method and system for securely accessing 
servers over an internet-work. Each server includes a 
processor and a memory. A first server outside a company's 
firewall connects the company to the internet-work. A user or 
client sends a data packet with a server name to a second 
server identified by the server name and located within the 
company's firewall. The location address of the first server 
is retrieved according to the domain/server name, a connection 
is made with the first server according to the retrieved 
location address of the first server and the data packet with 
domain/server name in the sent data packet to a list of at 
least one internal address, wherein the at least one internal 
address of the list identifies the location of the second 
server. If an internal address is found to match the server 
name, the first server sends the packet to the internal 
address (see abstract; page 3, line 8-page 6, line 32; figure
2 and claims 1-20).

D3 relates to an invention which comprises a method and system
for allowing remote procedure calls through a network
firewall. In accordance with an embodiment of the method of
the invention, a request is received from an application
server to allow remote procedure calls to pass through a
firewall. The request is processed to determine whether the
application server is authorised to receive remote procedure
calls that have passed through the firewall. If the application
server was authorised, then an identification of the
application server is placed in a filter table associated with
the firewall and remote procedure calls are allowed to pass
through the firewall to the application server if the
identification of that application server appears in the
filter table (see abstract; column 1, line 53-column 2, line
33; column 5, line 64-column 7, line 10 and claims 1-28).

D4 relates to a method of directing an internal computer system
that involves authenticating a connection initiated by the
internal computer system to an external computer system (see
abstract; column 1, line 47-column 2, line 26 and claims 1-12).

D5 discloses a novel system for controlling the inbound and
outbound data packet flow in a computer network (see abstract;
page 4, line 1-page 7, line 20 and claims 1-26).

D6 relates to an apparatus and method for providing a secure
firewall between a private network and a public network (see
abstract; page 3, line 48-page 5, line 31 and claims 1-28).

Documents D3-D6 are state of the art documents that are used
to give a better perspective for understanding the claimed
invention.

The invention according to Independent Claims 1, 8 and 13
differs from D1 or D2 in that neither D1 nor D2 mentions
that the system includes means for temporarily
opening the firewall, and in the location of the first and
second IC-breaker.

It is mentioned in D1 that the packets will normally be logged
in the log file storage, including whatever information the
system administrator decides is important, such as:
time of day; source and destination address; requested
operations; other actions taken with respect to each packet;
number of requests to date from this source and so on. Also,
state information about the packets can be determined,
logged if desired, and altered by actions. These actions can
be compared to the temporary opening of the firewall for
certain kinds of packets.
Opening the firewall for a limited period of time can be
compared to the timer functions in both D2 and D3. Passing
IP-traffic in both directions is mentioned in both D1 and D2.
Opening the firewall to give connection to, for example, the
Internet is mentioned in D2. The IP-packet being a Ping-packet
is mentioned in D2 and is considered obvious. Having
IC-breakers is also considered an obvious step.
However, it is not considered obvious to include all the steps
at the same time and to locate the IC-breakers as mentioned in
claims 1, 8 and 13.

The invention according to Claims 1-20 is novel, is considered
to include an inventive step and to have industrial
applicability.
CLAIMS



1. A transmission system, adapted for the transmission of IP data packets, 
said system including an IP-network (IP-NET) and a network (LAN) protected by a 
firewall, said firewall being adapted to block incoming traffic to the protected 
network, and devices (IC-BREAKER 1 and IC-BREAKER 2) to open the firewall 
to enable IP data packets to be transferred through the firewall to the protected 
network, characterised in, that said devices to open the firewall include a first IC- 
breaker (IC-BREAKER 1) located on the IP-network side of the firewall and a 
second IC-breaker (IC-BREAKER 2) located on the protected network side of the 
firewall, that said firewall is transparent to a particular type of IP packets to enable 
communication between said IC-breakers through the firewall using said 
particular IP packets, and that said first IC-breaker is adapted to from the IP 
network equipment receive IP data packets, intended for the protected network 
(LAN), and that said first IC-breaker is adapted to, on receipt of such a particular 
IP data packet for the protected network, send said particular IP packet to said 
second IC-breaker, and besides an IP packet of said particular type, returned by 
said second IC-breaker to said first IC-breaker, occasionally opens the firewall, at 
which said first IC-breaker is adapted to, on receipt of a returned IP packet of said 
particular type, send said received IP data packet through the open firewall to the 
second IC-breaker, and that said second IC-breaker is adapted, on receipt of said 
IP data packet, to send the received IP data packet to the protected network. 

2. A transmission system, as claimed in claim 1, characterised in that said 
particular type of IP-packet is a Ping (ICMP)-packet. 

3. A transmission system, as claimed in claim 1 or claim 2, characterised in 
that said firewall is adapted to be transparent to IP-communication through the 
firewall from the inside to the outside thereof, and, for a limited period of time, 
open to IP-communication through the firewall from the outside to the inside 
thereof. 

4. A transmission system, as claimed in any preceding claim, characterised 
in that said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of an IP data
packet, to store said IP data packet and send said stored IP data packet through 
the open firewall to the second IC-breaker (IC-BREAKER 2), when the firewall 
has been the opened. 



5. A transmission system, as claimed in any preceding claim, characterised 
in that said second IC-breaker (IC-BREAKER 2) is adapted to identify the size of 
a Ping IP-packet received from a sender in the form of a IC-breaker said size 
being indicative of the type of packet, which has been received and the port via 
which it was received. 



6. A transmission system, as claimed in any preceding claim, characterised 
in that said protected network is a Local Area Network (LAN). 

7. A transmission system, as claimed in any preceding claim, characterised 
in that said system is an Asynchronous Transfer Mode (ATM) transmission 
system, adapted for the transmission of IP data packets, using ATM as a carrier 
network. 



8. In a transmission system, adapted for the transmission of IP data packets, 
said system including an IP-Network (IP-NET) and a network (LAN) protected by 
a firewall, a method for the transmission of IP data packets to the protected 
network, said firewall being opened for a limited period of time and IP data 
packets are transmitted through the opened firewall to the protected network 
(LAN) characterised by a first IC-breaker (IC-BREAKER 1) being located on the 
outside of the firewall and a second IC-breaker (IC-BREAKER 2) being located on 
the inside of the firewall, and by 

IP data packets being received and stored by said first IC-breaker;

on receipt of said IP data packets a particular type of IP-packets are
transmitted by said first IC-Breaker to said second IC-breaker through the
firewall;

awaiting receipt of said particular type of IP-packet from said second
IC-breaker, said IP-packet opening the firewall for a short period of time; and

sending said stored IP data packet through the open firewall to said
second IC-breaker.

9. A method, as claimed in claim 8, characterised by said particular type of 
IP-packet being a Ping (ICMP)-packet. 

10. A method, as claimed in claim 9, characterised by: 

the size of a Ping IP-packet received from said first IC-breaker (IC-Breaker 
1), being identified by said second IC-breaker (IC-Breaker 2), said size 
being indicative of the type of packets which have been received and the 
port via which it was received; 

ping IP-packet being returned to said first IC-breaker (IC-Breaker 1) by 
said second IC-breaker (IC-Breaker 2), thereby opening the firewall for a 
limited period of time; 

said second IC-breaker (IC-Breaker 2) awaiting receipt, from said first IC- 
breaker, of said IP data packet for the protected network, during said 
limited period of time said firewall is open; and 

said second IC-breaker (IC-Breaker 2) sending the received IP data packet 
to the protected network. 

11. A method, as claimed in any of claims 8 to 10, characterised in that said 
protected network is a Local Area Network (LAN). 

12. A method, as claimed in any of claims 8 to 11, characterised in that said 
system is an Asynchronous Transfer Mode (ATM) transmission system, adapted 
for the transmission of IP data packets, using ATM as a carrier network. 

13. Apparatus for providing access to a firewall protected network, including 
means for temporarily opening the firewall to enable IP data packets to be 
transmitted through the firewall to said protected network (LAN) characterised in 
that said means for temporarily opening the firewall include two IC-breakers, (IC- 
breaker 1 and IC-breaker 2) located on opposite sides of said firewall, and in that 
said firewall is adapted to allow IP-traffic from one side thereof the other side and 
communication between said IC-breakers using a Ping service, a response to
said Ping service temporarily opening the firewall for the transmission of IP data 
packets to said protected network (LAN). 



14. Apparatus as claimed in claim 13, characterised in that the IC-breaker,
located on the outside of said firewall, is adapted to:

store IP data packets destined for the protected network (LAN); 
send Ping IP-packets to the other IC-breaker through the firewall; 
await receipt of a returned Ping IP-packet from said other IC-breaker, said 
returned IP-packet opening the firewall for a limited period of time; and 
send said stored IP data packets through the open firewall to said other IC- 
breaker. 



15. Apparatus, as claimed in either claim 13, or claim 14, characterised in 
that the IC-breaker (IC-BREAKER 2), located on the protected network side of the 
firewall is adapted to: 

identify the size of a Ping IP-packet, received from a sender in the form of 
a IC-breaker, located outside the firewall, said size being indicative of the 
type of packet which has been received and the port via which it was 
received; 

return the Ping IP-packet to the sender, which opens the firewall for a 
limited period of time; 

await receipt, from the sender, of said IP data packet for the protected 
network during said limited period of time said firewall is open; and 
send the received IP data packets to the protected network. 

16. Apparatus, as claimed in claim 13, characterised in that the first one of 
said IC-breakers (IC-BREAKER 1) is located on the outside of the firewall and 
that the second one of said IC-breakers (IC-BREAKER 2) is located on the 
protected network side (LAN) of the firewall, in that said first IC-breaker is 
adapted to receive and store IP data packets destined for the protected network, 
in that said IC-breakers are adapted, on receipt, by said first IC-breaker, of a IP 
data packet for the protected network, to communicate with each other, through 
the firewall, using Ping (ICMP)-packets, a Ping-packet returned by said second
IC-breaker to said first IC-breaker temporarily opening the firewall for this type of 
traffic, in that said first IC-breaker (IC-BREAKER 1) is adapted, on receipt of the 
returned Ping-packet, to send IP data packets through the opened firewall to the 
second IC-breaker (IC-BREAKER 2), and in that said second IC-breaker is 
adapted, on receipt of said IP data packet, to send the received packets to the 
protected network. 

17. An IC-breaker adapted for use with apparatus as claimed in any of claims 
13 to 16, characterised in that said IC-breaker includes means for transmitting
PING packets to an IC-breaker, located behind a firewall, means for storing a 
received IP packets, means for detecting receipt of said IP packets from within 
said firewall, and means, operative in response to receipt of IP packets to 
transmit stored IP packets. 

18. An IC-breaker adapted for use with apparatus as claimed in any of claims 
13 to 16, characterised in that said IC-breaker includes means for identifying a 
received PING packet and determining an associated IP packet type therefrom, 
means for transmitting an IP packets of said associated IP packet type through 
the firewall, means for receiving an IP packet transmitted through said firewall, 
and means for distributing said IP packet to a predetermined address. 

19. A transmission system, adapted for the transmission of IP data packets, 
said system including an IP-network (LAN) protected by a firewall, characterised 
in that said system includes an apparatus as claimed in any of claims 13 to 16. 

20. A communications system including a transmission system as claimed in 
any of claims 1 to 7 or claim 19, or operating in accordance with a method as 
claimed in any of claims 8 to 12. 
(54) Title: TRANSMISSION SYSTEM ADAPTED FOR IP DATA PACKETS

(57) Abstract

The invention provides a transmission system, for example, an ATM transmission system, which is adapted for the transmission of IP
data packets, and which includes an IP-network, a network protected by a firewall, and means for temporarily opening the firewall to
enable IP data packets to be transmitted through the firewall to the protected network. The firewall operates in a manner whereby a
particular type of IP-packet, i.e. a Ping (ICMP)-packet, is allowed to pass through the firewall, IP-traffic can pass through the firewall
from the inside thereof to the outside thereof, and IP-traffic, similar to that which is sent from the
inside of the firewall to the outside of the firewall, can be transmitted through the firewall to the protected network for a limited period
of time. In particular, the firewall opening means include two IC-breakers, which are located on opposite sides of said firewall, and
which have a structure and functionality dictated by the manner in which the firewall operates. In other words, when an IP data packet,
destined for the protected networks, is received by the IC-breaker located on the outside of the firewall, the IC-breakers are adapted to
communicate with each other to create the temporary opening in the firewall via which the IP data packet is sent to the protected network.
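
An added example, not part of the patent document or the applicant's implementation: a small Python model of the firewall behaviour the abstract describes (ping passes, inside-to-outside traffic passes and opens a time-limited return path for similar traffic), followed by a log audit that separates inbound admissions preceded by an inbound ping from ordinary return traffic. The Packet fields, the five-second opening, the ten-second audit window and every address in the trace are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float          # arrival time in seconds (constructed)
    direction: str    # "in" = towards protected network, "out" = towards IP-network
    proto: str        # "icmp" (ping), "udp" or "tcp"
    outside: str      # host on the IP-network side
    inside: str       # host on the protected side
    port: int = 0     # flow identifier; 0 for ping


class TimedPinholeFirewall:
    """Model of the three rules in the abstract (assumed semantics):
    1. ping is allowed through in both directions;
    2. traffic from the inside to the outside is allowed;
    3. similar traffic is allowed back in for a limited period of time.
    "Similar" is modelled as same protocol, same host pair, same port."""

    def __init__(self, open_seconds):
        self.open_seconds = open_seconds
        self.pinholes = {}  # flow key -> time at which the opening expires

    def decide(self, p):
        if p.proto == "icmp":
            return "pass:ping"
        key = (p.proto, p.outside, p.inside, p.port)
        if p.direction == "out":
            # Outbound traffic opens (or refreshes) the return path.
            self.pinholes[key] = p.t + self.open_seconds
            return "pass:outbound"
        expiry = self.pinholes.get(key)
        if expiry is not None and p.t <= expiry:
            return "pass:pinhole"
        return "drop"


def run(firewall, trace):
    """Apply the firewall to a time-ordered trace; return (packet, verdict) pairs."""
    return [(p, firewall.decide(p)) for p in trace]


def ping_triggered_admissions(log, window):
    """Audit: inbound packets admitted through a pinhole where the same outside
    host pinged the same inside host at most `window` seconds earlier. Ordinary
    return traffic has no such preceding inbound ping."""
    last_ping = {}
    flagged = []
    for p, verdict in log:
        pair = (p.outside, p.inside)
        if p.proto == "icmp" and p.direction == "in":
            last_ping[pair] = p.t
        elif verdict == "pass:pinhole":
            seen = last_ping.get(pair)
            if seen is not None and p.t - seen <= window:
                flagged.append(p)
    return flagged


# Constructed trace; addresses come from documentation ranges.
TRACE = [
    Packet(0.0, "in", "icmp", "198.51.100.7", "10.0.0.5"),        # ping arrives
    Packet(0.1, "out", "icmp", "198.51.100.7", "10.0.0.5"),       # ping returned
    Packet(0.2, "out", "udp", "198.51.100.7", "10.0.0.5", 5004),  # opens return path
    Packet(1.0, "in", "udp", "198.51.100.7", "10.0.0.5", 5004),   # inside the period
    Packet(9.0, "in", "udp", "198.51.100.7", "10.0.0.5", 5004),   # period has expired
    Packet(20.0, "out", "tcp", "203.0.113.20", "10.0.0.9", 443),  # ordinary client flow
    Packet(20.5, "in", "tcp", "203.0.113.20", "10.0.0.9", 443),   # ordinary return traffic
    Packet(21.0, "in", "tcp", "198.51.100.7", "10.0.0.5", 22),    # unsolicited inbound
]

LOG = run(TimedPinholeFirewall(open_seconds=5.0), TRACE)

if __name__ == "__main__":
    for packet, verdict in LOG:
        print(f"{packet.t:5.1f} {packet.direction:3} {packet.proto:4} "
              f"{packet.outside} <-> {packet.inside}:{packet.port} {verdict}")
    for packet in ping_triggered_admissions(LOG, window=10.0):
        print("ping-preceded admission at t =", packet.t)
```

The audit only correlates by host pair and time, so a deployment that permits inbound ping for diagnostics would want to review flagged entries rather than block on them.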
CLAIMS

1. A transmission system, adapted for the transmission of IP data packets, said
system including an IP-network and a network protected by a firewall, said firewall 
being adapted to block incoming traffic to the protected network, characterised in 
that said system further includes means for temporarily opening the firewall to 
enable IP data packets to be transmitted through the firewall to the protected 
network. 

2. A transmission system, as claimed in claim 1, characterised in that said 
firewall is adapted to be transparent to: 

Ping (ICMP)-packets; 

IP-traffic passing through the firewall from the inside thereof to the outside 
thereof; and 

for a limited period of time, IP-traffic, similar to that which is sent from the 
inside of the firewall to the outside of the firewall, passing through the firewall 
from the outside thereof to the inside thereof. 

3. A transmission system, as claimed in claim 2, characterised in that said means
for temporarily opening the firewall include first and second IC-breakers, located on 
opposite sides of said firewall, and in that said IC-breakers have a structure and 
functionality dictated by the manner in which said firewall is adapted to operate. 

4. A transmission system, as claimed in claim 3, characterised in that said first 
IC-breaker is adapted, on receipt of an IP data packet, to:

store said IP data packet;

send a Ping IP-packet to the second IC-breaker through the firewall;

await receipt of a returned Ping IP-packet from the second IC-breaker, said
IP-packet opening the firewall for a short period of time; and

send said stored IP data packet through the open firewall to the second
IC-breaker.



5. A transmission system, as claimed in either claim 3, or claim 4, characterised 
in that said second IC-breaker is adapted to: 

identify the size of a Ping IP-packet received from a sender located outside
of the firewall, said size being indicative of the type of packet which has been
received and the port via which it was received;

return the Ping IP-packet to the sender, which opens the firewall for a limited
period of time;

await receipt, from the sender, of an IP data packet for the protected network,
during said limited period of time said firewall is open; and

send the received IP data packet to the protected network.

6. A transmission system, as claimed in claim 3, characterised in that said first 
IC-breaker is located on the IP-network side of the firewall and said second IC- 
breaker is located on the protected network side of the firewall, in that said first IC- 
breaker is adapted to receive IP data packets from IP-network equipments that are 
destined for the protected network, in that said IC-breakers are adapted, on receipt, 
by said first IC-breaker, of a IP data packet for the protected network, to 
communicate with each other, through the firewall, using Ping (ICMP)-packets, a
Ping-packet returned by said second IC-breaker to said first IC-breaker temporarily
opening the firewall for this type of traffic, in that said first IC-breaker is adapted, on
receipt of the returned Ping-packet, to send the IP data packet through the opened 
firewall to the second IC-breaker, and in that said second IC-breaker is adapted, on 
receipt of said IP data packet, to send the received packet to the protected network. 

7. A transmission system, adapted for the transmission of IP data packets, said 
system including an IP-network and a network protected by a firewall, characterised 
in that said firewall is adapted to allow: 

a particular type IP-packet to pass through the firewall to the protected 
network, 

IP-traffic to pass through the firewall from the inside thereof to the outside 
thereof, said IP-traffic opening the firewall for IP-traffic for a limited period of 
time; and 

IP-traffic, similar to that which is sent from the inside of the firewall to the 
outside of the firewall, to be transmitted through the firewall to the protected 
network during said limited period of time. 

8. A transmission system, as claimed in claim 7, characterised in that said 
particular type of IP-packet is a Ping (ICMP)-packet. 

9. A transmission system, as claimed in any preceding claim, characterised in 
that said protected network is a Local Area Network (LAN). 

10. A transmission system, as claimed in any preceding claim, characterised in 
that said system is an Asynchronous Transfer Mode (ATM) transmission system, 
adapted for the transmission of IP data packets, using ATM as a carrier network. 

11. In a transmission system, adapted for the transmission of IP data packets, 
said system including an IP-Network and a network protected by a firewall, a method
for the transmission of IP data packets to the protected network, characterised by 
opening said firewall for a limited period of time and by transmitting an IP data 
packet, through the opened firewall, to the protected network. 

12. A method, as claimed in claim 11, characterised by said firewall allowing:
a particular type of IP-packet to pass through; and 

IP-traffic to pass through, from the inside thereof to the outside thereof, said 
IP-traffic opening the firewall for said limited period of time; 

and by transmitting said IP data packet to said protected network during said limited 
period of time, said IP data packet being similar to the IP-traffic which opens the 
firewall for said limited period of time. 

13. A method, as claimed in claim 12, characterised by said particular type of
IP-packet being a Ping (ICMP)-packet.

14. A method, as claimed in either claim 12, or claim 13, characterised by said 
system including first and second IC-breakers, located on opposite sides of said 
firewall, and by said IC-breakers having a structure and functionality dictated by the 
manner in which said firewall operates. 

15. A method, as claimed in claim 14, characterised by said first IC-breaker being
located on the outside of the firewall and said second IC-breaker being located on 
the inside of the firewall, and by said first IC-breaker: 

receiving and storing IP data packets for the protected network; 

on receipt of said IP data packet, sending Ping IP-packets to the second
IC-breaker through the firewall;

awaiting receipt of a return Ping IP-packet from the second IC-breaker, said 
IP-packet opening the firewall for a short period of time; and 

sending said stored IP data packet through the open firewall to the second 
IC-breaker. 

16. A method, as claimed in claim 15, characterised by said second IC-breaker:

identifying the size of a Ping IP-packet received from said first IC-breaker, 
said size being indicative of the type of packet which has been received and 
the port via which it was received; 

returning the Ping IP-packet to said first IC-breaker, thereby opening the 
firewall for a limited period of time; 

awaiting receipt, from said first IC-breaker, of said IP data packet for the 
protected network, during said limited period of time said firewall is open; and 

sending the received IP data packet to the protected network. 

17. A method, as claimed in claim 14, characterised by:

said first IC-breaker being located on the IP-network side of the firewall and 
said second IC-breaker being located on the protected network side of the 
firewall; 

said first IC-breaker receiving and storing IP data packets from IP-network 
equipments that are destined for the protected network; 
said IC-breakers, on receipt, by said first IC-breaker, of a IP data packet for
the protected network, communicating with each other, through the firewall, 
using Ping (ICMP)-packets, a Ping-packet returned by said second IC- 
breaker to said first IC-breaker temporarily opening the firewall for this type 
of traffic; 

said first IC-breaker, on receipt of the returned Ping-packet, sending the IP 
data packet through the opened firewall to the second IC-breaker; and 

said second IC-breaker, on receipt of said IP data packet, sending the 
received packet to the protected network. 

18. A method, as claimed in any of claims 11 to 17, characterised in that said 
protected network is a Local Area Network (LAN). 

19. A method, as claimed in any of claims 11 to 18, characterised in that said
system is an Asynchronous Transfer Mode (ATM) transmission system, adapted for 
the transmission of IP data packets, using ATM as a carrier network. 

20. Apparatus for providing access to a firewall protected network, characterised 
in that said arrangement includes means for temporarily opening the firewall to 
enable IP data packets to be transmitted through the firewall to said protected 
network. 

21. Apparatus, as claimed in claim 20, characterised in that said means for 
temporarily opening the firewall include two IC-breakers, located on opposite sides 
of said firewall, and in that said firewall is adapted to allow IP-traffic to be transmitted 
from the inside thereof to the outside thereof, and communication between said IC- 
breakers using a Ping service, a response to said Ping service temporarily opening 
the firewall for the transmission of IP data packets to said protected network. 
22. Apparatus as claimed in claim 21, characterised in that said IC-breaker,
located on the outside of said firewall, is adapted to:

store IP data packets destined for the protected network;

send Ping IP-packets to the other IC-breaker through the firewall;

await receipt of a returned Ping IP-packet from said other IC-breaker, said IP- 
packet opening the firewall for a limited period of time; and 

send said stored IP data packet through the open firewall to said other IC- 
breaker. 

23. Apparatus, as claimed in either claim 21, or claim 22, characterised in that 
said IC-breaker, located on the protected network side of the firewall is adapted to: 

identify the size of a Ping IP-packet received from a sender located outside 
the firewall, said size being indicative of the type of packet which has been 
received and the port via which it was received; 

return the Ping IP-packet to the sender, which opens the firewall for a limited 
period of time; 

await receipt, from the sender, of an IP data packet for the protected network, 
during said limited period of time said firewall is open; and 

send the received IP data packet to the protected network. 



24. Apparatus, as claimed in claim 21, characterised in that a first one of said
IC-breakers is located on the outside of the firewall and a second one of said
IC-breaker is located on the protected network side of the firewall, in that said first
IC-breaker is adapted to receive and store IP data packets destined for the protected
network, in that said IC-breakers are adapted, on receipt, by said first IC-breaker, 
of a IP data packet for the protected network, to communicate with each other, 
through the firewall, using Ping (ICMP)-packets, a Ping-packet returned by said 
second IC-breaker to said first IC-breaker temporarily opening the firewall for this 
type of traffic, in that said first IC-breaker is adapted, on receipt of the returned Ping- 
packet, to send the IP data packet through the opened firewall to the second IC- 
breaker, and in that said second IC-breaker is adapted, on receipt of said IP data 
packet, to send the received packet to the protected network. 

25. An IC-breaker adapted for use with apparatus as claimed in any of claims 20 
to 24, characterised in that said IC breaker includes means for transmitting PING 
packets to an IC breaker located behind a firewall, means for storing a received IP 
packet, means for detecting receipt of an IP packet from within said firewall, and 
means, operative in response to receipt of an IP packet from within said firewall, to 
transmit IP stored packets. 

26. An IC-breaker adapted for use with apparatus as claimed in any of claims 20 
to 24, characterised in that said IC-breaker includes means for identifying a received 
PING packet and determining an associated IP packet type therefrom, means for 
transmitting an IP packet of the type associated with the received IP packet through 
the firewall, means for receiving an IP packet transmitted through said firewall, and 
means for distributing said IP packet to a predetermined address. 

27. A transmission system, adapted for the transmission of IP data packets, said 
system including an IP-network and a network protected by a firewall, characterised 
in that said system includes apparatus as claimed in any of claims 20 to 24. 

28. A communications system including a transmission system as claimed in any 
of claims 1 to 10 or claim 27, or operating in accordance with a method as claimed
in any of claims 11 to 19.



